Serverless Computing


Serverless Computing in CEH

Why Serverless Computing Is Important

Serverless computing represents a pivotal shift in cloud architecture that security professionals need to understand. It's important because:

• It changes the attack surface of applications
• It introduces new security considerations compared to traditional deployments
• It's rapidly being adopted across industries
• It presents unique forensic and auditing challenges
• Understanding it is critical for comprehensive security assessments

What Is Serverless Computing?

Serverless computing is a cloud execution model in which the cloud provider manages the infrastructure and automatically provisions and scales resources as needed. Despite its name, servers still exist, but the developer doesn't need to manage them.

Key characteristics include:

• Event-driven execution: Functions run in response to events
• Micro-billing: Pay only for execution time, not idle resources
• Auto-scaling: Automatic scaling from zero to peak demand
• Ephemeral: Stateless functions with limited execution time

Popular serverless platforms include AWS Lambda, Azure Functions, Google Cloud Functions, and IBM Cloud Functions.

How Serverless Computing Works

1. Function Creation: Developers write code functions designed for specific tasks

2. Deployment: Functions are uploaded to the cloud provider

3. Event Triggers: Functions are associated with event sources (HTTP requests, database changes, file uploads, etc.)

4. Execution Environment: When triggered, the cloud provider instantiates a container with your function

5. Execution: Function processes the event data and returns a response

6. Termination: The container may persist briefly for reuse, then terminates

Security Aspects of Serverless Computing

Shared Responsibility Model: Provider handles infrastructure; developers handle application security

Reduced Attack Surface: No OS or server management reduces certain attack vectors

Security Concerns:
- Function event data injection
- Insecure dependencies
- Insufficient monitoring
- Broken authentication
- Over-privileged function permissions
- Insecure secrets storage
- DDoS vulnerabilities

Defense Strategies:
- Input validation
- Least privilege IAM policies
- Dependency scanning
- Function timeouts
- API Gateway protections
- Encryption for data at rest and in transit

Exam Tips: Answering Questions on Serverless Computing

• Focus on the security implications rather than just the technology benefits
• Know the terminology: FaaS (Function as a Service), event triggers, cold starts, execution contexts
• Understand the attack vectors unique to serverless architectures
• Recognize the differences between container security and serverless security
• Be familiar with common serverless platforms and their security features
• For scenario-based questions, remember the ephemeral nature of serverless and how it affects incident response
• Pay attention to questions about logging and monitoring in serverless environments
• Look for the shared responsibility boundaries in security scenarios

When you see questions about serverless computing, think about:

1. Who is responsible for which security controls?
2. What are the possible attack entry points?
3. How does the ephemeral nature affect security posture?
4. What compensating controls might be necessary?

Remember that in the CEH exam, the focus will likely be on identifying vulnerabilities and attack vectors rather than implementing serverless architectures.
